TclTLS: Hex Artifact Content

Artifact 5b20f6c8882241b92b9f533bff66598bd9b609f9176ae1a911efdd49b9e0c727:

File tests/badssl.test — part of check-in [347e9a4852] at 2024-02-09 20:06:25 on branch trunk — Updated badssl.com test cases for error message format and CA file on Unix. (user: bohagan, size: 8646) [annotate] [blame] [check-ins using]
0000: 23 20 41 75 74 6f 20 67 65 6e 65 72 61 74 65 64  # Auto generated
0010: 20 74 65 73 74 20 63 61 73 65 73 20 66 6f 72 20   test cases for 
0020: 62 61 64 73 73 6c 2e 63 73 76 0a 0a 23 20 4c 6f  badssl.csv..# Lo
0030: 61 64 20 54 63 6c 20 54 65 73 74 20 70 61 63 6b  ad Tcl Test pack
0040: 61 67 65 0a 69 66 20 7b 5b 6c 73 65 61 72 63 68  age.if {[lsearch
0050: 20 5b 6e 61 6d 65 73 70 61 63 65 20 63 68 69 6c   [namespace chil
0060: 64 72 65 6e 5d 20 3a 3a 74 63 6c 74 65 73 74 5d  dren] ::tcltest]
0070: 20 3d 3d 20 2d 31 7d 20 7b 0a 09 70 61 63 6b 61   == -1} {..packa
0080: 67 65 20 72 65 71 75 69 72 65 20 74 63 6c 74 65  ge require tclte
0090: 73 74 0a 09 6e 61 6d 65 73 70 61 63 65 20 69 6d  st..namespace im
00a0: 70 6f 72 74 20 3a 3a 74 63 6c 74 65 73 74 3a 3a  port ::tcltest::
00b0: 2a 0a 7d 0a 0a 73 65 74 20 61 75 74 6f 5f 70 61  *.}..set auto_pa
00c0: 74 68 20 5b 63 6f 6e 63 61 74 20 5b 6c 69 73 74  th [concat [list
00d0: 20 5b 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b   [file dirname [
00e0: 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69 6e  file dirname [in
00f0: 66 6f 20 73 63 72 69 70 74 5d 5d 5d 5d 20 24 61  fo script]]]] $a
0100: 75 74 6f 5f 70 61 74 68 5d 0a 0a 70 61 63 6b 61  uto_path]..packa
0110: 67 65 20 72 65 71 75 69 72 65 20 74 6c 73 0a 0a  ge require tls..
0120: 23 20 43 6f 6e 73 74 72 61 69 6e 74 73 0a 73 6f  # Constraints.so
0130: 75 72 63 65 20 5b 66 69 6c 65 20 6a 6f 69 6e 20  urce [file join 
0140: 5b 66 69 6c 65 20 64 69 72 6e 61 6d 65 20 5b 69  [file dirname [i
0150: 6e 66 6f 20 73 63 72 69 70 74 5d 5d 20 63 6f 6d  nfo script]] com
0160: 6d 6f 6e 2e 74 63 6c 5d 0a 0a 23 20 48 65 6c 70  mon.tcl]..# Help
0170: 65 72 20 66 75 6e 63 74 69 6f 6e 73 0a 70 72 6f  er functions.pro
0180: 63 20 62 61 64 73 73 6c 20 7b 75 72 6c 7d 20 7b  c badssl {url} {
0190: 73 65 74 20 70 6f 72 74 20 34 34 33 3b 6c 61 73  set port 443;las
01a0: 73 69 67 6e 20 5b 73 70 6c 69 74 20 24 75 72 6c  sign [split $url
01b0: 20 22 3a 22 5d 20 75 72 6c 20 70 6f 72 74 3b 69   ":"] url port;i
01c0: 66 20 7b 24 70 6f 72 74 20 65 71 20 22 22 7d 20  f {$port eq ""} 
01d0: 7b 73 65 74 20 70 6f 72 74 20 34 34 33 7d 3b 73  {set port 443};s
01e0: 65 74 20 63 6d 64 20 5b 6c 69 73 74 20 74 6c 73  et cmd [list tls
01f0: 3a 3a 73 6f 63 6b 65 74 20 2d 61 75 74 6f 73 65  ::socket -autose
0200: 72 76 65 72 6e 61 6d 65 20 31 20 2d 72 65 71 75  rvername 1 -requ
0210: 69 72 65 20 31 5d 3b 69 66 20 7b 5b 69 6e 66 6f  ire 1];if {[info
0220: 20 65 78 69 73 74 73 20 3a 3a 65 6e 76 28 53 53   exists ::env(SS
0230: 4c 5f 43 45 52 54 5f 46 49 4c 45 29 5d 7d 20 7b  L_CERT_FILE)]} {
0240: 6c 61 70 70 65 6e 64 20 63 6d 64 20 2d 63 61 66  lappend cmd -caf
0250: 69 6c 65 20 24 3a 3a 65 6e 76 28 53 53 4c 5f 43  ile $::env(SSL_C
0260: 45 52 54 5f 46 49 4c 45 29 7d 3b 6c 61 70 70 65  ERT_FILE)};lappe
0270: 6e 64 20 63 6d 64 20 24 75 72 6c 20 24 70 6f 72  nd cmd $url $por
0280: 74 3b 73 65 74 20 63 68 20 5b 65 76 61 6c 20 24  t;set ch [eval $
0290: 63 6d 64 5d 3b 69 66 20 7b 5b 63 61 74 63 68 20  cmd];if {[catch 
02a0: 7b 74 6c 73 3a 3a 68 61 6e 64 73 68 61 6b 65 20  {tls::handshake 
02b0: 24 63 68 7d 20 65 72 72 5d 7d 20 7b 63 6c 6f 73  $ch} err]} {clos
02c0: 65 20 24 63 68 3b 72 65 74 75 72 6e 20 2d 63 6f  e $ch;return -co
02d0: 64 65 20 65 72 72 6f 72 20 24 65 72 72 7d 20 65  de error $err} e
02e0: 6c 73 65 20 7b 63 6c 6f 73 65 20 24 63 68 7d 7d  lse {close $ch}}
02f0: 0a 0a 23 20 42 61 64 53 53 4c 2e 63 6f 6d 20 54  ..# BadSSL.com T
0300: 65 73 74 73 0a 0a 0a 74 65 73 74 20 42 61 64 53  ests...test BadS
0310: 53 4c 2d 31 2e 31 20 7b 31 30 30 30 2d 73 61 6e  SL-1.1 {1000-san
0320: 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73  s} -body {..bads
0330: 73 6c 20 31 30 30 30 2d 73 61 6e 73 2e 62 61 64  sl 1000-sans.bad
0340: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72  ssl.com.    } -r
0350: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65  esult {handshake
0360: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69   failed: certifi
0370: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c  cate verify fail
0380: 65 64 20 64 75 65 20 74 6f 20 22 63 65 72 74 69  ed due to "certi
0390: 66 69 63 61 74 65 20 68 61 73 20 65 78 70 69 72  ficate has expir
03a0: 65 64 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65  ed"} -returnCode
03b0: 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53  s {1}..test BadS
03c0: 53 4c 2d 31 2e 32 20 7b 31 30 30 30 30 2d 73 61  SL-1.2 {10000-sa
03d0: 6e 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  ns} -body {..bad
03e0: 73 73 6c 20 31 30 30 30 30 2d 73 61 6e 73 2e 62  ssl 10000-sans.b
03f0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20  adssl.com.    } 
0400: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61  -result {handsha
0410: 6b 65 20 66 61 69 6c 65 64 3a 20 65 78 63 65 73  ke failed: exces
0420: 73 69 76 65 20 6d 65 73 73 61 67 65 20 73 69 7a  sive message siz
0430: 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20  e} -returnCodes 
0440: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c  {1}..test BadSSL
0450: 2d 31 2e 33 20 7b 33 64 65 73 7d 20 2d 62 6f 64  -1.3 {3des} -bod
0460: 79 20 7b 0a 09 62 61 64 73 73 6c 20 33 64 65 73  y {..badssl 3des
0470: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
0480: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73  } -result {hands
0490: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 73 73 6c  hake failed: ssl
04a0: 76 33 20 61 6c 65 72 74 20 68 61 6e 64 73 68 61  v3 alert handsha
04b0: 6b 65 20 66 61 69 6c 75 72 65 7d 20 2d 72 65 74  ke failure} -ret
04c0: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65  urnCodes {1}..te
04d0: 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 20 7b 63  st BadSSL-1.4 {c
04e0: 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 7d 20 2d  aptive-portal} -
04f0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 63  body {..badssl c
0500: 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 2e 62 61  aptive-portal.ba
0510: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d  dssl.com.    } -
0520: 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b  result {handshak
0530: 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66  e failed: certif
0540: 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69  icate verify fai
0550: 6c 65 64 20 64 75 65 20 74 6f 20 22 48 6f 73 74  led due to "Host
0560: 6e 61 6d 65 20 6d 69 73 6d 61 74 63 68 22 7d 20  name mismatch"} 
0570: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d  -returnCodes {1}
0580: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
0590: 35 20 7b 63 62 63 7d 20 2d 62 6f 64 79 20 7b 0a  5 {cbc} -body {.
05a0: 09 62 61 64 73 73 6c 20 63 62 63 2e 62 61 64 73  .badssl cbc.bads
05b0: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65  sl.com.    }..te
05c0: 73 74 20 42 61 64 53 53 4c 2d 31 2e 36 20 7b 63  st BadSSL-1.6 {c
05d0: 6c 69 65 6e 74 2d 63 65 72 74 2d 6d 69 73 73 69  lient-cert-missi
05e0: 6e 67 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  ng} -body {..bad
05f0: 73 73 6c 20 63 6c 69 65 6e 74 2d 63 65 72 74 2d  ssl client-cert-
0600: 6d 69 73 73 69 6e 67 2e 62 61 64 73 73 6c 2e 63  missing.badssl.c
0610: 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42  om.    }..test B
0620: 61 64 53 53 4c 2d 31 2e 37 20 7b 63 6c 69 65 6e  adSSL-1.7 {clien
0630: 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73  t} -body {..bads
0640: 73 6c 20 63 6c 69 65 6e 74 2e 62 61 64 73 73 6c  sl client.badssl
0650: 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74  .com.    }..test
0660: 20 42 61 64 53 53 4c 2d 31 2e 38 20 7b 64 68 2d   BadSSL-1.8 {dh-
0670: 63 6f 6d 70 6f 73 69 74 65 7d 20 2d 62 6f 64 79  composite} -body
0680: 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 2d 63 6f   {..badssl dh-co
0690: 6d 70 6f 73 69 74 65 2e 62 61 64 73 73 6c 2e 63  mposite.badssl.c
06a0: 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42  om.    }..test B
06b0: 61 64 53 53 4c 2d 31 2e 39 20 7b 64 68 2d 73 6d  adSSL-1.9 {dh-sm
06c0: 61 6c 6c 2d 73 75 62 67 72 6f 75 70 7d 20 2d 62  all-subgroup} -b
06d0: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68  ody {..badssl dh
06e0: 2d 73 6d 61 6c 6c 2d 73 75 62 67 72 6f 75 70 2e  -small-subgroup.
06f0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
0700: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
0710: 31 30 20 7b 64 68 34 38 30 7d 20 2d 62 6f 64 79  10 {dh480} -body
0720: 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 34 38 30   {..badssl dh480
0730: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
0740: 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73  } -result {hands
0750: 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 64 68 20  hake failed: dh 
0760: 6b 65 79 20 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d  key too small} -
0770: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a  returnCodes {1}.
0780: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31  .test BadSSL-1.1
0790: 31 20 7b 64 68 35 31 32 7d 20 2d 62 6f 64 79 20  1 {dh512} -body 
07a0: 7b 0a 09 62 61 64 73 73 6c 20 64 68 35 31 32 2e  {..badssl dh512.
07b0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
07c0: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68   -result {handsh
07d0: 61 6b 65 20 66 61 69 6c 65 64 3a 20 64 68 20 6b  ake failed: dh k
07e0: 65 79 20 74 6f 6f 20 73 6d 61 6c 6c 7d 20 2d 72  ey too small} -r
07f0: 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a  eturnCodes {1}..
0800: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 31 32  test BadSSL-1.12
0810: 20 7b 64 68 31 30 32 34 7d 20 2d 62 6f 64 79 20   {dh1024} -body 
0820: 7b 0a 09 62 61 64 73 73 6c 20 64 68 31 30 32 34  {..badssl dh1024
0830: 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20  .badssl.com.    
0840: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
0850: 2e 31 33 20 7b 64 68 32 30 34 38 7d 20 2d 62 6f  .13 {dh2048} -bo
0860: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 64 68 32  dy {..badssl dh2
0870: 30 34 38 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  048.badssl.com. 
0880: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53     }..test BadSS
0890: 4c 2d 31 2e 31 34 20 7b 64 73 64 74 65 73 74 70  L-1.14 {dsdtestp
08a0: 72 6f 76 69 64 65 72 7d 20 2d 62 6f 64 79 20 7b  rovider} -body {
08b0: 0a 09 62 61 64 73 73 6c 20 64 73 64 74 65 73 74  ..badssl dsdtest
08c0: 70 72 6f 76 69 64 65 72 2e 62 61 64 73 73 6c 2e  provider.badssl.
08d0: 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c  com.    } -resul
08e0: 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69  t {handshake fai
08f0: 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74 65  led: certificate
0900: 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20 64   verify failed d
0910: 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74 6f  ue to "unable to
0920: 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75 65   get local issue
0930: 72 20 63 65 72 74 69 66 69 63 61 74 65 22 7d 20  r certificate"} 
0940: 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d  -returnCodes {1}
0950: 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e  ..test BadSSL-1.
0960: 31 35 20 7b 65 63 63 32 35 36 7d 20 2d 62 6f 64  15 {ecc256} -bod
0970: 79 20 7b 0a 09 62 61 64 73 73 6c 20 65 63 63 32  y {..badssl ecc2
0980: 35 36 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20  56.badssl.com.  
0990: 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c    }..test BadSSL
09a0: 2d 31 2e 31 36 20 7b 65 63 63 33 38 34 7d 20 2d  -1.16 {ecc384} -
09b0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 65  body {..badssl e
09c0: 63 63 33 38 34 2e 62 61 64 73 73 6c 2e 63 6f 6d  cc384.badssl.com
09d0: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64  .    }..test Bad
09e0: 53 53 4c 2d 31 2e 31 37 20 7b 65 64 65 6c 6c 72  SSL-1.17 {edellr
09f0: 6f 6f 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  oot} -body {..ba
0a00: 64 73 73 6c 20 65 64 65 6c 6c 72 6f 6f 74 2e 62  dssl edellroot.b
0a10: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20  adssl.com.    } 
0a20: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61  -result {handsha
0a30: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69  ke failed: certi
0a40: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61  ficate verify fa
0a50: 69 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61  iled due to "una
0a60: 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c  ble to get local
0a70: 20 69 73 73 75 65 72 20 63 65 72 74 69 66 69 63   issuer certific
0a80: 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64  ate"} -returnCod
0a90: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64  es {1}..test Bad
0aa0: 53 53 4c 2d 31 2e 31 38 20 7b 65 78 70 69 72 65  SSL-1.18 {expire
0ab0: 64 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73  d} -body {..bads
0ac0: 73 6c 20 65 78 70 69 72 65 64 2e 62 61 64 73 73  sl expired.badss
0ad0: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73  l.com.    } -res
0ae0: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66  ult {handshake f
0af0: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61  ailed: certifica
0b00: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64  te verify failed
0b10: 20 64 75 65 20 74 6f 20 22 63 65 72 74 69 66 69   due to "certifi
0b20: 63 61 74 65 20 68 61 73 20 65 78 70 69 72 65 64  cate has expired
0b30: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20  "} -returnCodes 
0b40: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c  {1}..test BadSSL
0b50: 2d 31 2e 31 39 20 7b 65 78 74 65 6e 64 65 64 2d  -1.19 {extended-
0b60: 76 61 6c 69 64 61 74 69 6f 6e 7d 20 2d 62 6f 64  validation} -bod
0b70: 79 20 7b 0a 09 62 61 64 73 73 6c 20 65 78 74 65  y {..badssl exte
0b80: 6e 64 65 64 2d 76 61 6c 69 64 61 74 69 6f 6e 2e  nded-validation.
0b90: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
0ba0: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68   -result {handsh
0bb0: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74  ake failed: cert
0bc0: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66  ificate verify f
0bd0: 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 63 65  ailed due to "ce
0be0: 72 74 69 66 69 63 61 74 65 20 68 61 73 20 65 78  rtificate has ex
0bf0: 70 69 72 65 64 22 7d 20 2d 72 65 74 75 72 6e 43  pired"} -returnC
0c00: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42  odes {1}..test B
0c10: 61 64 53 53 4c 2d 31 2e 32 30 20 7b 68 73 74 73  adSSL-1.20 {hsts
0c20: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73  } -body {..badss
0c30: 6c 20 68 73 74 73 2e 62 61 64 73 73 6c 2e 63 6f  l hsts.badssl.co
0c40: 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61  m.    }..test Ba
0c50: 64 53 53 4c 2d 31 2e 32 31 20 7b 68 74 74 70 73  dSSL-1.21 {https
0c60: 2d 65 76 65 72 79 77 68 65 72 65 7d 20 2d 62 6f  -everywhere} -bo
0c70: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 68 74 74  dy {..badssl htt
0c80: 70 73 2d 65 76 65 72 79 77 68 65 72 65 2e 62 61  ps-everywhere.ba
0c90: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a  dssl.com.    }..
0ca0: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 32  test BadSSL-1.22
0cb0: 20 7b 69 6e 63 6f 6d 70 6c 65 74 65 2d 63 68 61   {incomplete-cha
0cc0: 69 6e 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64  in} -body {..bad
0cd0: 73 73 6c 20 69 6e 63 6f 6d 70 6c 65 74 65 2d 63  ssl incomplete-c
0ce0: 68 61 69 6e 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a  hain.badssl.com.
0cf0: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68      } -result {h
0d00: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a  andshake failed:
0d10: 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72   certificate ver
0d20: 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74  ify failed due t
0d30: 6f 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 65 74  o "unable to get
0d40: 20 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65   local issuer ce
0d50: 72 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 74  rtificate"} -ret
0d60: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65  urnCodes {1}..te
0d70: 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 33 20 7b  st BadSSL-1.23 {
0d80: 69 6e 76 61 6c 69 64 2d 65 78 70 65 63 74 65 64  invalid-expected
0d90: 2d 73 63 74 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  -sct} -body {..b
0da0: 61 64 73 73 6c 20 69 6e 76 61 6c 69 64 2d 65 78  adssl invalid-ex
0db0: 70 65 63 74 65 64 2d 73 63 74 2e 62 61 64 73 73  pected-sct.badss
0dc0: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73  l.com.    } -res
0dd0: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66  ult {handshake f
0de0: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61  ailed: certifica
0df0: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64  te verify failed
0e00: 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 20   due to "unable 
0e10: 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73  to get local iss
0e20: 75 65 72 20 63 65 72 74 69 66 69 63 61 74 65 22  uer certificate"
0e30: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b  } -returnCodes {
0e40: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d  1}..test BadSSL-
0e50: 31 2e 32 34 20 7b 6c 6f 6e 67 2d 65 78 74 65 6e  1.24 {long-exten
0e60: 64 65 64 2d 73 75 62 64 6f 6d 61 69 6e 2d 6e 61  ded-subdomain-na
0e70: 6d 65 2d 63 6f 6e 74 61 69 6e 69 6e 67 2d 6d 61  me-containing-ma
0e80: 6e 79 2d 6c 65 74 74 65 72 73 2d 61 6e 64 2d 64  ny-letters-and-d
0e90: 61 73 68 65 73 7d 20 2d 62 6f 64 79 20 7b 0a 09  ashes} -body {..
0ea0: 62 61 64 73 73 6c 20 6c 6f 6e 67 2d 65 78 74 65  badssl long-exte
0eb0: 6e 64 65 64 2d 73 75 62 64 6f 6d 61 69 6e 2d 6e  nded-subdomain-n
0ec0: 61 6d 65 2d 63 6f 6e 74 61 69 6e 69 6e 67 2d 6d  ame-containing-m
0ed0: 61 6e 79 2d 6c 65 74 74 65 72 73 2d 61 6e 64 2d  any-letters-and-
0ee0: 64 61 73 68 65 73 2e 62 61 64 73 73 6c 2e 63 6f  dashes.badssl.co
0ef0: 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61  m.    }..test Ba
0f00: 64 53 53 4c 2d 31 2e 32 35 20 7b 6c 6f 6e 67 65  dSSL-1.25 {longe
0f10: 78 74 65 6e 64 65 64 73 75 62 64 6f 6d 61 69 6e  xtendedsubdomain
0f20: 6e 61 6d 65 77 69 74 68 6f 75 74 64 61 73 68 65  namewithoutdashe
0f30: 73 69 6e 6f 72 64 65 72 74 6f 74 65 73 74 77 6f  sinordertotestwo
0f40: 72 64 77 72 61 70 70 69 6e 67 7d 20 2d 62 6f 64  rdwrapping} -bod
0f50: 79 20 7b 0a 09 62 61 64 73 73 6c 20 6c 6f 6e 67  y {..badssl long
0f60: 65 78 74 65 6e 64 65 64 73 75 62 64 6f 6d 61 69  extendedsubdomai
0f70: 6e 6e 61 6d 65 77 69 74 68 6f 75 74 64 61 73 68  nnamewithoutdash
0f80: 65 73 69 6e 6f 72 64 65 72 74 6f 74 65 73 74 77  esinordertotestw
0f90: 6f 72 64 77 72 61 70 70 69 6e 67 2e 62 61 64 73  ordwrapping.bads
0fa0: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65  sl.com.    }..te
0fb0: 73 74 20 42 61 64 53 53 4c 2d 31 2e 32 36 20 7b  st BadSSL-1.26 {
0fc0: 6d 69 74 6d 2d 73 6f 66 74 77 61 72 65 7d 20 2d  mitm-software} -
0fd0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 6d  body {..badssl m
0fe0: 69 74 6d 2d 73 6f 66 74 77 61 72 65 2e 62 61 64  itm-software.bad
0ff0: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72  ssl.com.    } -r
1000: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65  esult {handshake
1010: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69   failed: certifi
1020: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c  cate verify fail
1030: 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c  ed due to "unabl
1040: 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69  e to get local i
1050: 73 73 75 65 72 20 63 65 72 74 69 66 69 63 61 74  ssuer certificat
1060: 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73  e"} -returnCodes
1070: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53   {1}..test BadSS
1080: 4c 2d 31 2e 32 37 20 7b 6e 6f 2d 63 6f 6d 6d 6f  L-1.27 {no-commo
1090: 6e 2d 6e 61 6d 65 7d 20 2d 62 6f 64 79 20 7b 0a  n-name} -body {.
10a0: 09 62 61 64 73 73 6c 20 6e 6f 2d 63 6f 6d 6d 6f  .badssl no-commo
10b0: 6e 2d 6e 61 6d 65 2e 62 61 64 73 73 6c 2e 63 6f  n-name.badssl.co
10c0: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20  m.    } -result 
10d0: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65  {handshake faile
10e0: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76  d: certificate v
10f0: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65  erify failed due
1100: 20 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 65   to "certificate
1110: 20 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d   has expired"} -
1120: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a  returnCodes {1}.
1130: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 32  .test BadSSL-1.2
1140: 38 20 7b 6e 6f 2d 73 63 74 7d 20 2d 62 6f 64 79  8 {no-sct} -body
1150: 20 7b 0a 09 62 61 64 73 73 6c 20 6e 6f 2d 73 63   {..badssl no-sc
1160: 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20  t.badssl.com.   
1170: 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64   } -result {hand
1180: 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65  shake failed: ce
1190: 72 74 69 66 69 63 61 74 65 20 76 65 72 69 66 79  rtificate verify
11a0: 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22   failed due to "
11b0: 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f  unable to get lo
11c0: 63 61 6c 20 69 73 73 75 65 72 20 63 65 72 74 69  cal issuer certi
11d0: 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e  ficate"} -return
11e0: 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20  Codes {1}..test 
11f0: 42 61 64 53 53 4c 2d 31 2e 32 39 20 7b 6e 6f 2d  BadSSL-1.29 {no-
1200: 73 75 62 6a 65 63 74 7d 20 2d 62 6f 64 79 20 7b  subject} -body {
1210: 0a 09 62 61 64 73 73 6c 20 6e 6f 2d 73 75 62 6a  ..badssl no-subj
1220: 65 63 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  ect.badssl.com. 
1230: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61     } -result {ha
1240: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20  ndshake failed: 
1250: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69  certificate veri
1260: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f  fy failed due to
1270: 20 22 63 65 72 74 69 66 69 63 61 74 65 20 68 61   "certificate ha
1280: 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72 65 74  s expired"} -ret
1290: 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65  urnCodes {1}..te
12a0: 73 74 20 42 61 64 53 53 4c 2d 31 2e 33 30 20 7b  st BadSSL-1.30 {
12b0: 6e 75 6c 6c 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  null} -body {..b
12c0: 61 64 73 73 6c 20 6e 75 6c 6c 2e 62 61 64 73 73  adssl null.badss
12d0: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73  l.com.    } -res
12e0: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66  ult {handshake f
12f0: 61 69 6c 65 64 3a 20 73 73 6c 76 33 20 61 6c 65  ailed: sslv3 ale
1300: 72 74 20 68 61 6e 64 73 68 61 6b 65 20 66 61 69  rt handshake fai
1310: 6c 75 72 65 7d 20 2d 72 65 74 75 72 6e 43 6f 64  lure} -returnCod
1320: 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64  es {1}..test Bad
1330: 53 53 4c 2d 31 2e 33 31 20 7b 70 69 6e 6e 69 6e  SSL-1.31 {pinnin
1340: 67 2d 74 65 73 74 7d 20 2d 62 6f 64 79 20 7b 0a  g-test} -body {.
1350: 09 62 61 64 73 73 6c 20 70 69 6e 6e 69 6e 67 2d  .badssl pinning-
1360: 74 65 73 74 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a  test.badssl.com.
1370: 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53      }..test BadS
1380: 53 4c 2d 31 2e 33 32 20 7b 70 72 65 61 63 74 2d  SL-1.32 {preact-
1390: 63 6c 69 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61  cli} -body {..ba
13a0: 64 73 73 6c 20 70 72 65 61 63 74 2d 63 6c 69 2e  dssl preact-cli.
13b0: 62 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d  badssl.com.    }
13c0: 20 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68   -result {handsh
13d0: 61 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74  ake failed: cert
13e0: 69 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66  ificate verify f
13f0: 61 69 6c 65 64 20 64 75 65 20 74 6f 20 22 75 6e  ailed due to "un
1400: 61 62 6c 65 20 74 6f 20 67 65 74 20 6c 6f 63 61  able to get loca
1410: 6c 20 69 73 73 75 65 72 20 63 65 72 74 69 66 69  l issuer certifi
1420: 63 61 74 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f  cate"} -returnCo
1430: 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61  des {1}..test Ba
1440: 64 53 53 4c 2d 31 2e 33 33 20 7b 70 72 65 6c 6f  dSSL-1.33 {prelo
1450: 61 64 65 64 2d 68 73 74 73 7d 20 2d 62 6f 64 79  aded-hsts} -body
1460: 20 7b 0a 09 62 61 64 73 73 6c 20 70 72 65 6c 6f   {..badssl prelo
1470: 61 64 65 64 2d 68 73 74 73 2e 62 61 64 73 73 6c  aded-hsts.badssl
1480: 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74  .com.    }..test
1490: 20 42 61 64 53 53 4c 2d 31 2e 33 34 20 7b 72 63   BadSSL-1.34 {rc
14a0: 34 2d 6d 64 35 7d 20 2d 62 6f 64 79 20 7b 0a 09  4-md5} -body {..
14b0: 62 61 64 73 73 6c 20 72 63 34 2d 6d 64 35 2e 62  badssl rc4-md5.b
14c0: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20  adssl.com.    } 
14d0: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61  -result {handsha
14e0: 6b 65 20 66 61 69 6c 65 64 3a 20 73 73 6c 76 33  ke failed: sslv3
14f0: 20 61 6c 65 72 74 20 68 61 6e 64 73 68 61 6b 65   alert handshake
1500: 20 66 61 69 6c 75 72 65 7d 20 2d 72 65 74 75 72   failure} -retur
1510: 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74  nCodes {1}..test
1520: 20 42 61 64 53 53 4c 2d 31 2e 33 35 20 7b 72 63   BadSSL-1.35 {rc
1530: 34 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73  4} -body {..bads
1540: 73 6c 20 72 63 34 2e 62 61 64 73 73 6c 2e 63 6f  sl rc4.badssl.co
1550: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20  m.    } -result 
1560: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65  {handshake faile
1570: 64 3a 20 73 73 6c 76 33 20 61 6c 65 72 74 20 68  d: sslv3 alert h
1580: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 75 72 65  andshake failure
1590: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b  } -returnCodes {
15a0: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d  1}..test BadSSL-
15b0: 31 2e 33 36 20 7b 72 65 76 6f 6b 65 64 7d 20 2d  1.36 {revoked} -
15c0: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 72  body {..badssl r
15d0: 65 76 6f 6b 65 64 2e 62 61 64 73 73 6c 2e 63 6f  evoked.badssl.co
15e0: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20  m.    } -result 
15f0: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65  {handshake faile
1600: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76  d: certificate v
1610: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65  erify failed due
1620: 20 74 6f 20 22 63 65 72 74 69 66 69 63 61 74 65   to "certificate
1630: 20 68 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d   has expired"} -
1640: 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a  returnCodes {1}.
1650: 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 33  .test BadSSL-1.3
1660: 37 20 7b 72 73 61 32 30 34 38 7d 20 2d 62 6f 64  7 {rsa2048} -bod
1670: 79 20 7b 0a 09 62 61 64 73 73 6c 20 72 73 61 32  y {..badssl rsa2
1680: 30 34 38 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  048.badssl.com. 
1690: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53     }..test BadSS
16a0: 4c 2d 31 2e 33 38 20 7b 72 73 61 34 30 39 36 7d  L-1.38 {rsa4096}
16b0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c   -body {..badssl
16c0: 20 72 73 61 34 30 39 36 2e 62 61 64 73 73 6c 2e   rsa4096.badssl.
16d0: 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20  com.    }..test 
16e0: 42 61 64 53 53 4c 2d 31 2e 33 39 20 7b 72 73 61  BadSSL-1.39 {rsa
16f0: 38 31 39 32 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  8192} -body {..b
1700: 61 64 73 73 6c 20 72 73 61 38 31 39 32 2e 62 61  adssl rsa8192.ba
1710: 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a  dssl.com.    }..
1720: 74 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 30  test BadSSL-1.40
1730: 20 7b 73 65 6c 66 2d 73 69 67 6e 65 64 7d 20 2d   {self-signed} -
1740: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73  body {..badssl s
1750: 65 6c 66 2d 73 69 67 6e 65 64 2e 62 61 64 73 73  elf-signed.badss
1760: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73  l.com.    } -res
1770: 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66  ult {handshake f
1780: 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61  ailed: certifica
1790: 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64  te verify failed
17a0: 20 64 75 65 20 74 6f 20 22 73 65 6c 66 20 73 69   due to "self si
17b0: 67 6e 65 64 20 63 65 72 74 69 66 69 63 61 74 65  gned certificate
17c0: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20  "} -returnCodes 
17d0: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c  {1}..test BadSSL
17e0: 2d 31 2e 34 31 20 7b 73 68 61 31 2d 32 30 31 36  -1.41 {sha1-2016
17f0: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73  } -body {..badss
1800: 6c 20 73 68 61 31 2d 32 30 31 36 2e 62 61 64 73  l sha1-2016.bads
1810: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65  sl.com.    } -re
1820: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20  sult {handshake 
1830: 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63  failed: certific
1840: 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65  ate verify faile
1850: 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65  d due to "unable
1860: 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73   to get local is
1870: 73 75 65 72 20 63 65 72 74 69 66 69 63 61 74 65  suer certificate
1880: 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20  "} -returnCodes 
1890: 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c  {1}..test BadSSL
18a0: 2d 31 2e 34 32 20 7b 73 68 61 31 2d 32 30 31 37  -1.42 {sha1-2017
18b0: 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73  } -body {..badss
18c0: 6c 20 73 68 61 31 2d 32 30 31 37 2e 62 61 64 73  l sha1-2017.bads
18d0: 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65  sl.com.    } -re
18e0: 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20  sult {handshake 
18f0: 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63  failed: certific
1900: 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c 65  ate verify faile
1910: 64 20 64 75 65 20 74 6f 20 22 63 65 72 74 69 66  d due to "certif
1920: 69 63 61 74 65 20 68 61 73 20 65 78 70 69 72 65  icate has expire
1930: 64 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73  d"} -returnCodes
1940: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53   {1}..test BadSS
1950: 4c 2d 31 2e 34 33 20 7b 73 68 61 31 2d 69 6e 74  L-1.43 {sha1-int
1960: 65 72 6d 65 64 69 61 74 65 7d 20 2d 62 6f 64 79  ermediate} -body
1970: 20 7b 0a 09 62 61 64 73 73 6c 20 73 68 61 31 2d   {..badssl sha1-
1980: 69 6e 74 65 72 6d 65 64 69 61 74 65 2e 62 61 64  intermediate.bad
1990: 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72  ssl.com.    } -r
19a0: 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65  esult {handshake
19b0: 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69 66 69   failed: certifi
19c0: 63 61 74 65 20 76 65 72 69 66 79 20 66 61 69 6c  cate verify fail
19d0: 65 64 20 64 75 65 20 74 6f 20 22 75 6e 61 62 6c  ed due to "unabl
19e0: 65 20 74 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69  e to get local i
19f0: 73 73 75 65 72 20 63 65 72 74 69 66 69 63 61 74  ssuer certificat
1a00: 65 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73  e"} -returnCodes
1a10: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53   {1}..test BadSS
1a20: 4c 2d 31 2e 34 34 20 7b 73 68 61 32 35 36 7d 20  L-1.44 {sha256} 
1a30: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
1a40: 73 68 61 32 35 36 2e 62 61 64 73 73 6c 2e 63 6f  sha256.badssl.co
1a50: 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61  m.    }..test Ba
1a60: 64 53 53 4c 2d 31 2e 34 35 20 7b 73 68 61 33 38  dSSL-1.45 {sha38
1a70: 34 7d 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73  4} -body {..bads
1a80: 73 6c 20 73 68 61 33 38 34 2e 62 61 64 73 73 6c  sl sha384.badssl
1a90: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75  .com.    } -resu
1aa0: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61  lt {handshake fa
1ab0: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74  iled: certificat
1ac0: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20  e verify failed 
1ad0: 64 75 65 20 74 6f 20 22 63 65 72 74 69 66 69 63  due to "certific
1ae0: 61 74 65 20 68 61 73 20 65 78 70 69 72 65 64 22  ate has expired"
1af0: 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b  } -returnCodes {
1b00: 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d  1}..test BadSSL-
1b10: 31 2e 34 36 20 7b 73 68 61 35 31 32 7d 20 2d 62  1.46 {sha512} -b
1b20: 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 68  ody {..badssl sh
1b30: 61 35 31 32 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a  a512.badssl.com.
1b40: 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68      } -result {h
1b50: 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a  andshake failed:
1b60: 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72   certificate ver
1b70: 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74  ify failed due t
1b80: 6f 20 22 63 65 72 74 69 66 69 63 61 74 65 20 68  o "certificate h
1b90: 61 73 20 65 78 70 69 72 65 64 22 7d 20 2d 72 65  as expired"} -re
1ba0: 74 75 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74  turnCodes {1}..t
1bb0: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 34 37 20  est BadSSL-1.47 
1bc0: 7b 73 74 61 74 69 63 2d 72 73 61 7d 20 2d 62 6f  {static-rsa} -bo
1bd0: 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 73 74 61  dy {..badssl sta
1be0: 74 69 63 2d 72 73 61 2e 62 61 64 73 73 6c 2e 63  tic-rsa.badssl.c
1bf0: 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42  om.    }..test B
1c00: 61 64 53 53 4c 2d 31 2e 34 38 20 7b 73 75 62 64  adSSL-1.48 {subd
1c10: 6f 6d 61 69 6e 2e 70 72 65 6c 6f 61 64 65 64 2d  omain.preloaded-
1c20: 68 73 74 73 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  hsts} -body {..b
1c30: 61 64 73 73 6c 20 73 75 62 64 6f 6d 61 69 6e 2e  adssl subdomain.
1c40: 70 72 65 6c 6f 61 64 65 64 2d 68 73 74 73 2e 62  preloaded-hsts.b
1c50: 61 64 73 73 6c 2e 63 6f 6d 0a 20 20 20 20 7d 20  adssl.com.    } 
1c60: 2d 72 65 73 75 6c 74 20 7b 68 61 6e 64 73 68 61  -result {handsha
1c70: 6b 65 20 66 61 69 6c 65 64 3a 20 63 65 72 74 69  ke failed: certi
1c80: 66 69 63 61 74 65 20 76 65 72 69 66 79 20 66 61  ficate verify fa
1c90: 69 6c 65 64 20 64 75 65 20 74 6f 20 22 48 6f 73  iled due to "Hos
1ca0: 74 6e 61 6d 65 20 6d 69 73 6d 61 74 63 68 22 7d  tname mismatch"}
1cb0: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31   -returnCodes {1
1cc0: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
1cd0: 2e 34 39 20 7b 73 75 70 65 72 66 69 73 68 7d 20  .49 {superfish} 
1ce0: 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20  -body {..badssl 
1cf0: 73 75 70 65 72 66 69 73 68 2e 62 61 64 73 73 6c  superfish.badssl
1d00: 2e 63 6f 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75  .com.    } -resu
1d10: 6c 74 20 7b 68 61 6e 64 73 68 61 6b 65 20 66 61  lt {handshake fa
1d20: 69 6c 65 64 3a 20 63 65 72 74 69 66 69 63 61 74  iled: certificat
1d30: 65 20 76 65 72 69 66 79 20 66 61 69 6c 65 64 20  e verify failed 
1d40: 64 75 65 20 74 6f 20 22 75 6e 61 62 6c 65 20 74  due to "unable t
1d50: 6f 20 67 65 74 20 6c 6f 63 61 6c 20 69 73 73 75  o get local issu
1d60: 65 72 20 63 65 72 74 69 66 69 63 61 74 65 22 7d  er certificate"}
1d70: 20 2d 72 65 74 75 72 6e 43 6f 64 65 73 20 7b 31   -returnCodes {1
1d80: 7d 0a 0a 74 65 73 74 20 42 61 64 53 53 4c 2d 31  }..test BadSSL-1
1d90: 2e 35 30 20 7b 74 6c 73 2d 76 31 2d 30 3a 31 30  .50 {tls-v1-0:10
1da0: 31 30 7d 20 2d 63 6f 6e 73 74 72 61 69 6e 74 73  10} -constraints
1db0: 20 7b 74 6c 73 31 7d 20 2d 62 6f 64 79 20 7b 0a   {tls1} -body {.
1dc0: 09 62 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d 30  .badssl tls-v1-0
1dd0: 2e 62 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 30  .badssl.com:1010
1de0: 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64  .    }..test Bad
1df0: 53 53 4c 2d 31 2e 35 31 20 7b 74 6c 73 2d 76 31  SSL-1.51 {tls-v1
1e00: 2d 31 3a 31 30 31 31 7d 20 2d 63 6f 6e 73 74 72  -1:1011} -constr
1e10: 61 69 6e 74 73 20 7b 74 6c 73 31 2e 31 7d 20 2d  aints {tls1.1} -
1e20: 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c 20 74  body {..badssl t
1e30: 6c 73 2d 76 31 2d 31 2e 62 61 64 73 73 6c 2e 63  ls-v1-1.badssl.c
1e40: 6f 6d 3a 31 30 31 31 0a 20 20 20 20 7d 0a 0a 74  om:1011.    }..t
1e50: 65 73 74 20 42 61 64 53 53 4c 2d 31 2e 35 32 20  est BadSSL-1.52 
1e60: 7b 74 6c 73 2d 76 31 2d 32 3a 31 30 31 32 7d 20  {tls-v1-2:1012} 
1e70: 2d 63 6f 6e 73 74 72 61 69 6e 74 73 20 7b 74 6c  -constraints {tl
1e80: 73 31 2e 32 7d 20 2d 62 6f 64 79 20 7b 0a 09 62  s1.2} -body {..b
1e90: 61 64 73 73 6c 20 74 6c 73 2d 76 31 2d 32 2e 62  adssl tls-v1-2.b
1ea0: 61 64 73 73 6c 2e 63 6f 6d 3a 31 30 31 32 0a 20  adssl.com:1012. 
1eb0: 20 20 20 7d 0a 0a 74 65 73 74 20 42 61 64 53 53     }..test BadSS
1ec0: 4c 2d 31 2e 35 33 20 7b 75 6e 74 72 75 73 74 65  L-1.53 {untruste
1ed0: 64 2d 72 6f 6f 74 7d 20 2d 62 6f 64 79 20 7b 0a  d-root} -body {.
1ee0: 09 62 61 64 73 73 6c 20 75 6e 74 72 75 73 74 65  .badssl untruste
1ef0: 64 2d 72 6f 6f 74 2e 62 61 64 73 73 6c 2e 63 6f  d-root.badssl.co
1f00: 6d 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20  m.    } -result 
1f10: 7b 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65  {handshake faile
1f20: 64 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76  d: certificate v
1f30: 65 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65  erify failed due
1f40: 20 74 6f 20 22 73 65 6c 66 20 73 69 67 6e 65 64   to "self signed
1f50: 20 63 65 72 74 69 66 69 63 61 74 65 20 69 6e 20   certificate in 
1f60: 63 65 72 74 69 66 69 63 61 74 65 20 63 68 61 69  certificate chai
1f70: 6e 22 7d 20 2d 72 65 74 75 72 6e 43 6f 64 65 73  n"} -returnCodes
1f80: 20 7b 31 7d 0a 0a 74 65 73 74 20 42 61 64 53 53   {1}..test BadSS
1f90: 4c 2d 31 2e 35 34 20 7b 75 70 67 72 61 64 65 7d  L-1.54 {upgrade}
1fa0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c   -body {..badssl
1fb0: 20 75 70 67 72 61 64 65 2e 62 61 64 73 73 6c 2e   upgrade.badssl.
1fc0: 63 6f 6d 0a 20 20 20 20 7d 0a 0a 74 65 73 74 20  com.    }..test 
1fd0: 42 61 64 53 53 4c 2d 31 2e 35 35 20 7b 77 65 62  BadSSL-1.55 {web
1fe0: 70 61 63 6b 2d 64 65 76 2d 73 65 72 76 65 72 7d  pack-dev-server}
1ff0: 20 2d 62 6f 64 79 20 7b 0a 09 62 61 64 73 73 6c   -body {..badssl
2000: 20 77 65 62 70 61 63 6b 2d 64 65 76 2d 73 65 72   webpack-dev-ser
2010: 76 65 72 2e 62 61 64 73 73 6c 2e 63 6f 6d 0a 20  ver.badssl.com. 
2020: 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b 68 61     } -result {ha
2030: 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64 3a 20  ndshake failed: 
2040: 63 65 72 74 69 66 69 63 61 74 65 20 76 65 72 69  certificate veri
2050: 66 79 20 66 61 69 6c 65 64 20 64 75 65 20 74 6f  fy failed due to
2060: 20 22 75 6e 61 62 6c 65 20 74 6f 20 67 65 74 20   "unable to get 
2070: 6c 6f 63 61 6c 20 69 73 73 75 65 72 20 63 65 72  local issuer cer
2080: 74 69 66 69 63 61 74 65 22 7d 20 2d 72 65 74 75  tificate"} -retu
2090: 72 6e 43 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73  rnCodes {1}..tes
20a0: 74 20 42 61 64 53 53 4c 2d 31 2e 35 36 20 7b 77  t BadSSL-1.56 {w
20b0: 72 6f 6e 67 2e 68 6f 73 74 7d 20 2d 62 6f 64 79  rong.host} -body
20c0: 20 7b 0a 09 62 61 64 73 73 6c 20 77 72 6f 6e 67   {..badssl wrong
20d0: 2e 68 6f 73 74 2e 62 61 64 73 73 6c 2e 63 6f 6d  .host.badssl.com
20e0: 0a 20 20 20 20 7d 20 2d 72 65 73 75 6c 74 20 7b  .    } -result {
20f0: 68 61 6e 64 73 68 61 6b 65 20 66 61 69 6c 65 64  handshake failed
2100: 3a 20 63 65 72 74 69 66 69 63 61 74 65 20 76 65  : certificate ve
2110: 72 69 66 79 20 66 61 69 6c 65 64 20 64 75 65 20  rify failed due 
2120: 74 6f 20 22 48 6f 73 74 6e 61 6d 65 20 6d 69 73  to "Hostname mis
2130: 6d 61 74 63 68 22 7d 20 2d 72 65 74 75 72 6e 43  match"} -returnC
2140: 6f 64 65 73 20 7b 31 7d 0a 0a 74 65 73 74 20 42  odes {1}..test B
2150: 61 64 53 53 4c 2d 31 2e 35 37 20 7b 6d 6f 7a 69  adSSL-1.57 {mozi
2160: 6c 6c 61 2d 6d 6f 64 65 72 6e 7d 20 2d 62 6f 64  lla-modern} -bod
2170: 79 20 7b 0a 09 62 61 64 73 73 6c 20 6d 6f 7a 69  y {..badssl mozi
2180: 6c 6c 61 2d 6d 6f 64 65 72 6e 2e 62 61 64 73 73  lla-modern.badss
2190: 6c 2e 63 6f 6d 0a 20 20 20 20 7d 0a 0a 23 20 43  l.com.    }..# C
21a0: 6c 65 61 6e 75 70 0a 3a 3a 74 63 6c 74 65 73 74  leanup.::tcltest
21b0: 3a 3a 63 6c 65 61 6e 75 70 54 65 73 74 73 0a 72  ::cleanupTests.r
21c0: 65 74 75 72 6e 0a                                eturn.